vendor:
Module Gallery
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Module Gallery
Affected Version From: 2000.2.2
Affected Version To: 2000.2.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
XOOPS Module Gallery 0.2.2 SQL Injection Exploit
XOOPS Module Gallery 0.2.2 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL statement that is executed by the backend database.
Mitigation:
The best way to mitigate SQL injection attacks is to use parameterized queries. This ensures that user input is treated as a literal value instead of executable code.